Description

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin.

Remediation

References

CVE-2018-1000424

Related Vulnerabilities

Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)

WordPress Plugin WordPress Contact Forms by Cimatti Cross-Site Scripting (1.4.11)

WordPress Plugin Themify Builder Cross-Site Scripting (5.3.1)

PHP Other Vulnerability (CVE-2016-4541)

WordPress Plugin AnyComment Cross-Site Scripting (0.0.32)

Severity

High

Classification

CVE-2018-1000424 CWE-522 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities